release 0.5, with NEWS, LICENSE, etc.

tlsfuzzer · Apr 27, 2010 · d492d94 · d492d94
1 parent 4cd6193
commit d492d94
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 7 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -0,0 +1,9 @@
+Tue Apr 27 11:55:53 2010  Brian Warner  <warner@lothar.com>
+
+	* NEWS: release python-ecdsa-0.5
+
+Tue Apr 27 11:52:45 2010  Brian Warner  <warner@lothar.com>
+
+	* README: update for 0.5 release
+	* LICENSE: release under the MIT license
+	* ecdsa/__init__.py: point to github home page
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,24 @@
+"python-ecdsa" Copyright (c) 2010 Brian Warner
+
+Portions written in 2005 by Peter Pearson and placed in the public domain.
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
diff --git a/NEWS b/NEWS
@@ -0,0 +1,6 @@
+
+* Release 0.5 (27 Apr 2010)
+
+Initial release. EC-DSA signature for five NIST "Suite B" GF(p) curves:
+prime192v1, secp224r1, prime256v1, secp384r1, and secp521r1. DER/PEM
+input/output functions, seed-to-randrange helper functions.
diff --git a/README b/README
@@ -2,10 +2,11 @@
 = Pure-Python ECDSA =
 
 This is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve
-Digital Signature Algorithm), implemented purely in Python. With this
-library, you can quickly create keypairs (signing key and verifying key),
-sign messages, and verify the signatures. The keys and signatures are very
-short, making them easier to handle and incorporate into other protocols.
+Digital Signature Algorithm), implemented purely in Python, released under
+the MIT license. With this library, you can quickly create keypairs (signing
+key and verifying key), sign messages, and verify the signatures. The keys
+and signatures are very short, making them easy to handle and incorporate
+into other protocols.
 
 == Features ==
 
@@ -17,7 +18,7 @@ other curves are included, but it would not be too hard to add more.
 
 == Speed ==
 
-The following table shows how long this library takes to generate keys
+The following table shows how long this library takes to generate keypairs
 (keygen=), to sign data (sign=), and to verify those signatures (verify=), on
 my 2008 Mac laptop. All times are in seconds. It also shows the length of a
 signature (in bytes): the verifying ("public") key is typically the same
@@ -60,11 +61,23 @@ more for the wrapper. To run them all, do this:
 
 On my 2009 Mac laptop, the combined tests take about 34 seconds to run.
 
+One component of test_pyecdsa.py checks compatibility with OpenSSL, by
+running the "openssl" CLI tool. If this tool is not on your $PATH, you may
+want to comment out this test (the easiest way is to add a line that says
+"del OpenSSL" to the end of test_pyecdsa.py).
+
+== Security ==
+
+This library does not protect against timing attacks. Do not allow attackers
+to measure how long it takes you to generate a keypair or sign a message.
+This library depends upon a strong source of random numbers. Do not use it on
+a system where os.urandom() is weak.
+
 == Usage ==
 
 You start by creating a SigningKey. You can use this to sign data, by passing
 in a data string and getting back the signature (also a string). You can also
-ask a signingKey to give you the corresponding VerifyingKey. The VerifyingKey
+ask a SigningKey to give you the corresponding VerifyingKey. The VerifyingKey
 can be used to verify a signature, by passing it both the data string and the
 signature string: it either returns True or raises BadSignatureError.
 

diff --git a/ecdsa/__init__.py b/ecdsa/__init__.py
@@ -5,3 +5,5 @@
 _hush_pyflakes = [SigningKey, VerifyingKey, BadSignatureError, BadDigestError,
                   NIST192p, NIST224p, NIST256p, NIST384p, NIST521p]
 del _hush_pyflakes
+
+# This code comes from http://github.com/warner/python-ecdsa
diff --git a/setup.py b/setup.py
@@ -7,7 +7,7 @@
 #  python ecdsa/test_pyecdsa.py   # look for "Failure:" messages
 
 setup(name="ecdsa",
-      version="x",
+      version="0.5",
       description="ECDSA cryptographic signature library (pure python)",
       author="Brian Warner",
       author_email="warner-pyecdsa@lothar.com",